3 Network Reference

The following pages contain information about network configurations and ports.

Network Configurations

This section provides example configurations and connectivity information for Enterprise Manager Ops Center. Other configurations are possible, such as using separate switches for each network. You can implement your network using any combination of VLANs and switches. Each network, whether management, provisioning, or data, must be assigned to a separate VLAN.

  • Separate management, provisioning, and data networks

  • Combined management and provisioning network and a separate data network

  • Combined provisioning and data network and a separate management network

  • Combined provisioning, data, and management network

Separate Management, Provisioning, and Data Networks

  • Separate networks provide the highest security and the lowest number of points of failure.

  • Additional NICs are needed to support this configuration.

Figure 3-1 Separate Management, Provisioning, and Data Networks


A configuration with separate management, provisioning, and data networks has these requirements:

  • Enterprise Controller/Proxy Controller

    • ETH0 connects the Enterprise Controller/Proxy Controller to the corporate network for external access. Configure the ETH0 IP address, netmask, and gateway to meet corporate connectivity requirements.

    • ETH1 connects the Enterprise Controller/Proxy Controller to the provisioning network and must be on the same network as the ETH0 connections of the agents. Only the Enterprise Controller/Proxy Controller and the agents must reside on the provisioning network. ETH1 must be a 1 Gb NIC interface.

    • ETH2 connects the Enterprise Controller/Proxy Controller to the management network and must be on the same network as the management port connections of the agents. Configure the ETH2 IP address, netmask, and gateway to enable connectivity to the agents' management port IP addresses. ETH2 must be a 100 Mb NIC interface.

    • The DHCP service allocates IP addresses to the agents for loading operating systems.

  • Agents

    • Each agent's management port connects the agent to the management network and must be on the same network as the ETH2 connection of the Enterprise Controller/Proxy Controller. The management port must be a 100 Mb connection.

    • ETH0 connects the agent to the provisioning network and must be on the same network as the ETH1 connection of the Enterprise Controller/Proxy Controller. ETH0 must be a 1 GB connection.

    • ETH1 connects the agent to the data network through the switch to provide corporate network access to the agent. ETH1 must be a 1 GB connection.
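The same-network requirements for the separate-networks layout can be checked against an address plan before any cabling or VLAN work. The following is an added example, not part of the Ops Center documentation; the `check_plan` function, the interface keys, and all addresses are illustrative assumptions, and it assumes that separate networks use non-overlapping subnets.

```python
import ipaddress

# Same-network pairs required by the separate-networks layout (Figure 3-1):
# (controller interface, agent interface, network name).
REQUIRED_PAIRS = [("eth1", "eth0", "provisioning"), ("eth2", "mgmt", "management")]


def check_plan(controller, agents):
    """Return a list of violations for an address plan.

    controller: {"eth0": "addr/prefix", "eth1": ..., "eth2": ...}
    agents:     {hostname: {"mgmt": ..., "eth0": ..., "eth1": ...}}
    """
    problems = []
    nets = {}
    for ctl_if, agent_if, name in REQUIRED_PAIRS:
        nets[name] = ipaddress.ip_interface(controller[ctl_if]).network
        for host, ifaces in sorted(agents.items()):
            addr = ipaddress.ip_interface(ifaces[agent_if])
            if addr.network != nets[name]:
                problems.append(f"{host} {agent_if} {addr} not on {name} network {nets[name]}")
    # Assumption: separate networks means non-overlapping subnets.
    if nets["provisioning"].overlaps(nets["management"]):
        problems.append("provisioning and management subnets overlap")
    # Agent ETH1 is the data network; it must not land on the other two.
    for host, ifaces in sorted(agents.items()):
        data = ipaddress.ip_interface(ifaces["eth1"]).network
        for name, net in nets.items():
            if data.overlaps(net):
                problems.append(f"{host} eth1 (data) {data} overlaps {name} network {net}")
    return problems


# Constructed sample plan (addresses are illustrative, not from the Ops Center docs).
CONTROLLER = {"eth0": "192.0.2.10/24", "eth1": "10.10.1.1/24", "eth2": "10.10.2.1/24"}
AGENTS = {
    "agent-a": {"mgmt": "10.10.2.21/24", "eth0": "10.10.1.21/24", "eth1": "198.51.100.21/24"},
    # Misconfigured: management port placed on the provisioning subnet.
    "agent-b": {"mgmt": "10.10.1.122/24", "eth0": "10.10.1.22/24", "eth1": "198.51.100.22/24"},
}

if __name__ == "__main__":
    for line in check_plan(CONTROLLER, AGENTS):
        print("VIOLATION:", line)
```
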

Combined Management and Provisioning Network and a Separate Data Network

  • Reduced system and network security.

  • No additional NIC is needed on the Enterprise Controller or Proxy Controller.

Figure 3-2 Combined Management and Provisioning Network and a Separate Data Network


  • Enterprise Controller/Proxy Controller

    • ETH0 connects the Enterprise Controller/Proxy Controller to the corporate network to provide external access. Configure the ETH0 IP address, netmask, and gateway to meet corporate connectivity requirements.

    • ETH1 connects the Enterprise Controller/Proxy Controller to the management and provisioning network and must be on the same network as the MGMT and ETH0 connections of the agents. Only the Enterprise Controller/Proxy Controller and the agents must reside on the management and provisioning network. The ETH1 IP address, netmask, and gateway must be configured to enable connectivity to the agents' management port IP addresses. ETH1 must be a 1 Gb NIC interface.

    • The DHCP service allocates IP addresses to the agents for loading operating systems.

  • Agents

    • Each agent's management port connects the agent to the management and provisioning network and must be on the same network as the ETH1 connection of the Enterprise Controller/Proxy Controller. The management port must be a 100 Mb connection.

    • ETH0 connects the agent to the management and provisioning network and must be on the same network as the ETH1 connection of the Enterprise Controller/Proxy Controller. ETH0 must be a 1 GB connection.

    • ETH1 connects the agent to the data network through the switch to provide corporate network access to the agent. ETH1 must be a 1 GB connection.

Combined Provisioning and Data Network and a Separate Management Network

Figure 3-3 Combined Provisioning and Data Network and a Separate Management Network


  • Enterprise Controller/Proxy Controller

    • ETH0 connects the Enterprise Controller/Proxy Controller to the corporate network to provide external access. Configure the ETH0 IP address, netmask, and gateway to meet corporate connectivity requirements.

    • ETH1 connects the Enterprise Controller/Proxy Controller to the provisioning and data network and must be on the same network as the ETH0 connections of the agents. Only the Enterprise Controller/Proxy Controller and the agents must reside on the data and provisioning network. ETH1 must be a 1 Gb NIC interface.

    • ETH2 connects the Enterprise Controller/Proxy Controller to the management network and must be on the same network as the management port connections of the agents. Configure the ETH2 IP address, netmask, and gateway to enable connectivity to the agents' management port IP addresses. ETH2 must be a 100 Mb NIC interface.

    • The DHCP service allocates IP addresses to the agents for loading operating systems.

  • Agents

    • The management port connects the agent to the management network and must be on the same network as the ETH2 connection of the Enterprise Controller/Proxy Controller. The management port must be a 100 Mb connection.

    • ETH0 connects the agent to the data and provisioning network to provide corporate network access to the agent. The ETH0 connection must be on the same network as the ETH1 connection of the Enterprise Controller/Proxy Controller. ETH0 must be a 1 GB connection.

Combined Provisioning, Data, and Management Network

  • Least secure system and network

  • No additional NIC is needed for the Enterprise Controller/Proxy Controller.

Figure 3-4 Combined Provisioning, Data, and Management Network


  • Enterprise Controller/Proxy Controller

    • ETH0 connects the Enterprise Controller/Proxy Controller to the corporate network to provide external access. Configure the ETH0 IP address, netmask, and gateway to meet corporate connectivity requirements.

    • ETH1 connects the Enterprise Controller/Proxy Controller to the combined management, provisioning, and data network and must be on the same network as the MGMT and ETH0 connections of the agents. Only the Enterprise Controller/Proxy Controller and the agents must reside on the combined network. ETH1 must be a 1 GB NIC interface.

    • The DHCP service allocates IP addresses to the agents for loading operating systems.

  • Agents

    • Each agent's management port connects the agent to the management, provisioning, and data network and must be on the same network as the ETH1 connection of the Enterprise Controller/Proxy Controller. The management port must be a 100 MB connection.

    • ETH0 connects the agent to the management, provisioning, and data network, and must be on the same network as the ETH1 connection of the Enterprise Controller/Proxy Controller. ETH0 also connects the agent to the data network through the switch to provide external corporate network access to the agent. ETH0 must be a 1 GB connection.

Network Port Requirements and Protocols

This section lists the ports and protocols used by Oracle Enterprise Manager Ops Center.

The Enterprise Controller's default port is 443. If port 443 is in use, the Enterprise Controller uses port 11165. The following table describes the required ports and their protocols.

Table 3-1 Required Ports and Protocols

| Communication | Protocol and Port | Purpose |
|---|---|---|
| Browser to Enterprise Controller | HTTPS, TCP 9443 | Web interface |
| Browser to Enterprise Controller | HTTP, TCP 80 | Redirects to port 9443 |
| Proxy Controller to Enterprise Controller | HTTPS, TCP 443 | Proxy Controller pushes asset data to Enterprise Controller. Proxy Controller pulls data for jobs, updates, agents, and OS images. |
| Proxy Controller to Targets | FTP, TCP: Port 21; SSH, TCP: Port 22; Telnet, TCP: Port 23; DHCP, UDP: Ports 67, 68; SNMP, UDP: Ports 161, 162; IPMI, TCP+UDP: Port 623; Service Tags, TCP: Port 6481; ICMP ping: no port | Discovery, bare-metal provisioning, management, and monitoring. For ICMP, proxy controllers send an echo request ping (Type 8) and receive either an echo reply ping (Type 0) or destination unreachable (Type 3). |
| Enterprise Controller to Proxy Controller | SSH: Port 22 | During Proxy Controller installation or updates performed through the UI. |
| Agent to Proxy Controller | HTTPS, TCP: Port 21165 | Agents push asset data to Proxy Controller. Agents pull data for jobs. |
| Agent to Proxy Controller | HTTPS, TCP: Port 8002 | Agents pull updates from Proxy Controller. |
| OS to Proxy Controller | HTTP, TCP: Port 8004 | OS provisioning job's completion status; Linux OS provisioning; download of the agent archive file; upload of the status messages about failed agent installations |
| Java client to public APIs | Transport Layer Security (TLS): Port 11172 | JMX access from clients |
| WMI to agent | Port 11162 | Communication to agent on Windows targets |
| Proxy Controller to NFS server | Port 2049 (default). See operating system documentation for configuring NFS. | Proxy Controller pulls provisioning images. |
| Enterprise Controller | Port 8005 | Enterprise Controller in Disconnected mode |
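Table 3-1 can serve as the baseline for reviewing firewall rules in front of a Proxy Controller. The following is an added example, not part of the Ops Center documentation: it compares a constructed inbound ruleset with the four Table 3-1 rows whose destination is the Proxy Controller and reports required flows that are blocked and rules that admit more than the table needs. The rule tuple format, the role names, and the role-to-subnet mapping (including placing "OS" hosts on the agents' subnet) are assumptions.

```python
import ipaddress

# Inbound flows to the Proxy Controller listed in Table 3-1: (source role, protocol, port).
REQUIRED = {
    ("enterprise_controller", "tcp", 22),   # SSH during install/update from the UI
    ("agent", "tcp", 21165),                # HTTPS: asset data, job data
    ("agent", "tcp", 8002),                 # HTTPS: agent updates
    ("os", "tcp", 8004),                    # HTTP: OS provisioning status
}


def audit(rules, role_nets):
    """Compare accept rules with Table 3-1.

    rules:     [(source CIDR, protocol, first port, last port), ...]
    role_nets: role -> CIDR holding hosts of that role (site-specific assumption)
    Returns (missing required flows, findings about over-broad rules).
    """
    nets = {role: ipaddress.ip_network(cidr) for role, cidr in role_nets.items()}
    missing, findings = set(REQUIRED), []
    for src, proto, lo, hi in rules:
        src_net = ipaddress.ip_network(src)
        served = {(role, p, port) for role, p, port in REQUIRED
                  if p == proto and lo <= port <= hi and nets[role].subnet_of(src_net)}
        missing -= served
        extra = (hi - lo + 1) - len({port for _, _, port in served})
        if extra:
            findings.append(f"{src} {proto}/{lo}-{hi}: {extra} port(s) not required from this source")
        if served and all(nets[role] != src_net for role, _, _ in served):
            findings.append(f"{src} {proto}/{lo}-{hi}: source wider than the role network")
    return sorted(missing), findings


# Constructed sample data: addresses and rules are illustrative only.
ROLE_NETS = {"enterprise_controller": "192.0.2.10/32", "agent": "10.10.1.0/24",
             "os": "10.10.1.0/24"}
RULES = [
    ("10.10.1.0/24", "tcp", 21165, 21165),  # exact match for the agent channel
    ("10.10.1.0/24", "tcp", 8000, 8010),    # range covers 8002 and 8004 plus 9 others
    ("0.0.0.0/0", "tcp", 22, 22),           # SSH open to any source
]

if __name__ == "__main__":
    missing, findings = audit(RULES, ROLE_NETS)
    print("missing:", missing)
    for f in findings:
        print("finding:", f)
```
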


Network Switch Configuration

Use these guidelines to configure a network switch for a system running the Enterprise Manager Ops Center software.

  • Use an 8- or 16-port Virtual LAN (VLAN)-capable switch.

  • Discover and manage the switch.

  • If your site uses VLANs, create a separate VLAN for Ops Center management and provisioning networks.

  • Disable spanning-tree protocols on the switch.

For Ethernet connectivity:

  • The management network must be a 10/100 connection.

  • The provisioning and data networks must be a 10/100/1000 (1 GB) connection.